Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Garden not refreshing auth tokens

See original GitHub issue

Bug

Garden does not refresh auth tokens in the same manner that kubectl does. When using garden with AKS and RBAC set up, the token in the kubeconfig file will expire and garden does not fetch a new one (as for e.g. kubectl does). I need to do a manual kubectl get pods or other arbitrary kubectl command then garden will continue working. This issue looks to have been reported several years ago, acknowledged, but then closed as stale

https://github.com/garden-io/garden/issues/1043

Current Behavior

When using AKS and a cluster with RBAC enabled, auth tokens will time out and garden commands will return

Expected behavior

When an auth token has expired, garden will aquire a new one using the refresh mechanism that kubectl uses.

Reproducible example

Workaround

We need to manually run an arbitrary kubectl commmand when we get the above error message.

Additional context

Your environment

OS: macOS
How I’m running Kubernetes: AKS

garden version

0.12.19

Issue Analytics

State:
Created 2 years ago
Comments:25 (10 by maintainers)

Top GitHub Comments

2reactions

ITHedgeHogcommented, Jun 18, 2021

@eysi09 @twelvemo That appears to have resolved it for me, I’ve been working for 5 hours non-stop now without having to run any manual kubectl commands.

1reaction

graemechristiecommented, May 14, 2021

Looking at #1043 - it seems this also affects other services on aws, or anything using kubectl exec plugins like heptio-authenticator-aws - so it seems the AKS support in kubectl is via a “kubelogin” plugin (presumably this https://github.com/Azure/kubelogin) … e.g. my kubeconfig uses: